Cybersecurity trend watch: Data protection's business influence
As business leaders continue to realize the bottom line value of data protection, the cybersecurity market is already ripe for disruption. At the Gartner Security & Risk Management Summit in National Harbor, Md., last month, Gartner, Inc. research vice president Peter Firstbrook presented a list of the top six trends that Gartner research analysts voted the most influential trends in the security and risk market.
Firstbrook made clear to the audience that each cybersecurity trend he listed was not a prediction, but instead were changes happening right now that will continue to have a major influence on IT security in the next several years. In part one of this two-part blog, get a rundown of the first half of Gartner’s cybersecurity trend list.
Senior business executives are finally aware that cybersecurity has a significant impact on the ability to achieve business goals and protect the corporate reputation.
Firstbrook said that there is “no question” that the reason why senior business execs are paying more attention to cybersecurity is due to the fallout from major data security breaches that have occurred in recent years. He pointed to examples including Verizon’s $350 million discount on their purchase of Yahoo as a result of Yahoo’s 2016 data breach; and the huge Equifax data breach that cost the company’s CEO, CIO and the CSO their jobs.
But to sustain that executive interest, an organization’s cybersecurity leadership must change their mindset to prove to business leaders that security processes bring business value. Cybersecurity leaders must understand the organization’s appetite for risk and how it fits into achieving the organization’s goals, Firstbrook said.
“You have to articulate the risks that you experience, or that you know of, in the context of their business objectives,” he said. “If they want to improve brand loyalty, if they want to improve revenue, if they want to improve or create new business opportunities — you have to explain all the things you’re doing in the context of that.”
Legal and regulatory mandates on data protection practices are impacting digital business plans and demanding increased emphasis on data liabilities.
Although business executives are starting to get better about grasping cybersecurity’s business value, their understanding about the liability of data is often lacking, Firstbrook said. Ignoring data liability has huge implications, he said, noting the huge hit Facebook’s brand took after news broke that Cambridge Analytica was allowed access to more than 50 million users’ personal data.
Data-specific regulatory compliance rules also pose a major liability: companies that violate GDPR rules implemented this year can be fined millions of dollars or up to 4% of their revenue.
“Leading digital businesses are starting to understand and use the full liability cost of data in their digital business plans,” Firstbrook said.
When done correctly, companies can even turn data liability risk into business opportunities. The GDPR rules require companies to tell customers exactly how they use their data, for example. Compliant organizations can advertise how transparent the company is about the way it uses their customer’s data, Firstbrook said.
“You can create a whole new brand experience for your customers that will actually differentiate you from the competition,” he added.
Security products are rapidly exploiting cloud delivery to provide more agile solutions.
Cloud delivery provides numerous benefits over on-premises security solutions, Firstbrook said, most notably advantages of scale that allow providers to offer more service opportunities, and to make updates quickly.
“It eliminates a lot of the maintenance burden on you to stay current,” Firstbrook said, adding that he’s talked to companies that are using endpoint security software that is five years out of date. “Guess what? You’re not going to stay in the game if you’re that far behind.”
As a result, leading security organizations are now critically reviewing new on premises security solutions to decide whether the cloud might be a better option, Firstbrook said.
“They’re way more agile,” he said of cloud-delivered security solutions. “They can change the detection technology, they can change the way that thing works overnight. With an on prem solution you know every quarter they update it and you probably update it two quarters after that — if you do it all.”